<?php
### LISTING OF index.php
### first some definitions we will be using.
// Database connection settings used by DatabaseConnect().
// NOTE(review): the database password is committed in the source file, so
// anyone who can read the file (repository access, a backup copy, a server
// that serves .php as text after a misconfiguration) can read it. Load it
// from configuration kept outside the web root, and rotate this value since
// it has been published in a listing.
define('DBHOST', 'localhost');
define('DBNAME', 'dgrega_paypal');
define('DBUSER', 'dgrega_paypal');
define('DBPASS', 'h3lpf4rce_rulez');

// PayPal receiver address and the payment link shown to unpaid accounts.
// NOTE(review): the amount and item are plain query parameters in a link the
// browser follows, so they are editable by the payer; nothing in this file
// shows how users.paid gets set, so confirm the payment is verified on the
// server before that flag is written.
define('PAYPAL_USER', 'you@youremail.com');
define('PPLINK', implode('', array(
    'https://www.paypal.com/xclick/business=',
    PAYPAL_USER,
    '&item_name=members_payment&item_number=1',
    '&amount=10.00&no_note=1&currency_code=USD',
)));

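// Login form markup, kept in a variable so the page logic can echo it.
//
// The form posts back to the current script. The action is taken from
// $_SERVER['PHP_SELF'] rather than the register_globals variable $PHP_SELF
// (undefined when register_globals is off), and it is HTML-escaped because
// PHP_SELF includes any client-supplied path info after the script name and
// would otherwise be reflected into the attribute unescaped.
// NOTE(review): the form carries no anti-CSRF token and submits a password;
// serve this page over HTTPS only.
$loginFormAction = isset($_SERVER['PHP_SELF'])
    ? htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)
    : '';
$SHOW_LOGIN_FORM = <<<ENDFORM
    <br /><br />
    <center><form method='post' action='$loginFormAction'><table>
    <tr>
        <td>Username: </td>
        <td><input name='username' type='text' value=''></td>
    </tr>
    <tr>
        <td>Password: </td>
        <td><input name='password' type='password' value=''></td>
    </tr>
    <tr>
        <td colspan='2' align='center'>
            <input type='submit' value='log in'>
        </td>
    </tr>
    </table>
    </form></center>
ENDFORM;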

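/**
 * Set a cookie scoped to the parent domain of the current host and mirror
 * the value into the global variable of the same name.
 *
 * Changes from the original listing:
 *  - the leftover print_r() debug call is gone; it wrote output before
 *    setcookie() whenever the host carried a port, which both exposed
 *    internals and prevented the cookie header from being sent;
 *  - the host is read from $_SERVER['HTTP_HOST'] instead of the
 *    register_globals copy in $GLOBALS;
 *  - the global is assigned through $GLOBALS (the original assigned a local
 *    and then declared it global, which discarded the value);
 *  - hosts with fewer than two labels, IP addresses and hosts containing
 *    unexpected characters get a host-only cookie (empty domain) instead of
 *    a malformed domain attribute;
 *  - the unused formatted expiry string was dropped.
 *
 * NOTE(review): the Host header is client-supplied, so the derived domain is
 * only as trustworthy as the virtual-host configuration in front of this
 * script. Taking the last two labels also yields a public suffix for hosts
 * such as example.co.uk. The cookie is issued without the Secure flag (sixth
 * argument 0) and without HttpOnly; enable both once the site is HTTPS-only
 * and the PHP version supports the httponly argument.
 *
 * @param string $var    Cookie name; also the name of the global that is set.
 * @param mixed  $val    Cookie value.
 * @param int    $modify Lifetime in seconds, added to the current time.
 * @return void
 */
function sec_setcookie($var, $val, $modify=3600)
{
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Drop a trailing ":port" so it does not end up in the cookie domain.
    if (preg_match('/^(.*):(.*)$/', $host, $arr)) {
        $host = $arr[1];
    }

    $dom = '';
    $labels = explode('.', $host);
    $labelCount = count($labels);
    $looksLikeHostname = (bool) preg_match('/^[A-Za-z0-9.-]+$/', $host);
    if ($looksLikeHostname && $labelCount >= 2 && ip2long($host) === false) {
        $dom = '.' . $labels[$labelCount - 2] . '.' . $labels[$labelCount - 1];
    }

    setcookie($var, $val, time() + $modify, "/", $dom, 0);

    // Make the new value visible to the rest of this request.
    $GLOBALS[$var] = $val;
} //end function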

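### CONNECT TO THE DATABASE
/**
 * Open the MySQL connection with the DBHOST/DBUSER/DBPASS constants and
 * select DBNAME. Terminates the request if either step fails.
 *
 * The driver error text is written to the server error log instead of the
 * response: mysql_error() output can name the database account and host, and
 * a visitor has no use for it.
 *
 * NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed
 * in PHP 7.0 and has no prepared statements. Plan a move to PDO or mysqli;
 * that has to be done together with the query code further down the page.
 *
 * @return void
 */
function DatabaseConnect()
{
    $link = mysql_connect(DBHOST, DBUSER, DBPASS);
    if (!$link) {
        error_log('DatabaseConnect: mysql_connect failed: ' . mysql_error());
        exit('Service temporarily unavailable.');
    } //fi

    if (!mysql_select_db(DBNAME, $link)) {
        error_log('DatabaseConnect: mysql_select_db failed: ' . mysql_error($link));
        exit('Service temporarily unavailable.');
    } //fi
} // end function
DatabaseConnect(); // this will automatically connect us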


### NOW THE LOGIC
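/**
 * Fetch the users row matching a username/password pair.
 *
 * Both values are escaped with mysql_real_escape_string() before they are
 * placed in the statement; the original interpolated request data straight
 * into the SQL text. ext/mysql has no prepared statements, so escaping is the
 * strongest option available without replacing the driver.
 *
 * NOTE(review): the comparison is against the stored password column as-is,
 * which implies passwords are kept in clear text. Store a salted hash and
 * verify against it instead.
 * NOTE(review): if magic_quotes_gpc is enabled on the host, request values
 * arrive pre-slashed and should be stripped before escaping - confirm.
 *
 * @param mixed $username Value from the request; non-strings never match.
 * @param mixed $password Value from the request; non-strings never match.
 * @return array|false The row as an associative array, or false if none.
 */
function lookup_user($username, $password)
{
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $sql = sprintf(
        "SELECT * FROM users WHERE username = '%s' AND password = '%s'",
        mysql_real_escape_string($username),
        mysql_real_escape_string($password)
    );
    // DatabaseConnect() has already selected DBNAME on the open link.
    $result = mysql_query($sql);
    if (!$result || mysql_num_rows($result) == 0) {
        return false;
    }
    return mysql_fetch_assoc($result);
}

// Request values are read from the superglobals explicitly. The original
// relied on register_globals ($username, $password, $count) and on
// $HTTP_POST_VARS, neither of which exists on later PHP versions.
$postUser = isset($_POST['username']) ? $_POST['username'] : '';
$postPass = isset($_POST['password']) ? $_POST['password'] : '';
$authenticated = false;

// first see if we have a post
if ($postUser && $postPass) {
    $info = lookup_user($postUser, $postPass);

    if ($info !== false) {
        if ($info['paid'] === "Y") {
            // NOTE(review): this keeps the original scheme of storing the
            // clear-text password in a domain-wide cookie, because other
            // pages on the domain may read these cookies. It exposes the
            // password to every host under the domain and to any script on
            // the page. Replace it with a server-side session or a random,
            // revocable token as soon as the dependent pages can be changed.
            sec_setcookie("username", $postUser);
            sec_setcookie("password", $postPass);
            // The cookies only arrive with the next request, so remember the
            // successful login here instead of re-reading $_COOKIE below.
            $authenticated = true;
        } else {
            echo "<center><font color=red><b>ERROR, ACCOUNT NOT PAID</b></font><br>
            <a href=\"" . htmlspecialchars(PPLINK, ENT_QUOTES) . "\">CLICK HERE</a> to pay for service.</center>";
            die();
        } //fi
    } else {
        // NOTE(review): the attempt counter lives in a client cookie, so it
        // only limits well-behaved browsers, and the lookup above has already
        // run by the time it is checked. Real throttling needs a server-side
        // counter per account and per source address.
        $count = isset($_COOKIE['count']) ? (int) $_COOKIE['count'] : 0;
        sec_setcookie("count", $count + 1);
        echo "<center><font color=red><b>ERROR IN LOGIN - SIGN UP FOR AN ACCOUNT FIRST</b></font></center>";
        if ($count > 3) {
            echo "<center><font color=red><b>TOO MANY ATTEMPTS, TRY LATER</b></font></center>";
        } else {
            // The original echoed the bare word SHOW_LOGIN_FORM (an undefined
            // constant) instead of the $SHOW_LOGIN_FORM variable.
            echo $SHOW_LOGIN_FORM;
        } //fi
        die();
    } //fi
} //fi

if (!$authenticated) {
    $cookieUser = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $cookiePass = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';

    if ($cookieUser && $cookiePass) {
        $info = lookup_user($cookieUser, $cookiePass);

        // The cookie path enforces the same paid check as the login path;
        // the original only checked that the row existed here.
        if ($info === false || $info['paid'] !== "Y") {
            # clear the cookies
            sec_setcookie("username", "");
            sec_setcookie("password", "");
            echo $SHOW_LOGIN_FORM;
            die();
        } //fi
    } else {
        echo $SHOW_LOGIN_FORM;
        die();
    } //fi
} //fi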
?>
HERE IS THE PAID FOR PAGE. 